- QCecuring Editorial Team
- 20 Jun, 2025
- Post quantum cryptography Security
The Deprecation Clock Is Running
RSA and ECC have protected digital infrastructure for decades. RSA-2048 secures TLS connections. ECDSA signs certificates. ECDH negotiates session keys. These algorithms underpin every secure transaction on the internet.
Quantum computing ends their reign. Shor’s algorithm breaks both RSA and ECC in polynomial time on a sufficiently large quantum computer. NIST, the NSA, and industry bodies have published concrete timelines for sunsetting these algorithms.
This is not a distant concern. The deprecation deadlines are closer than most organizations realize.
NIST Deprecation Guidance
NIST finalized three post-quantum standards in August 2024:
- ML-KEM (FIPS 203): Replaces RSA key transport and ECDH key exchange
- ML-DSA (FIPS 204): Replaces RSA and ECDSA digital signatures
- SLH-DSA (FIPS 205): Hash-based signature alternative providing algorithm diversity
NIST’s draft guidance (SP 800-131A Rev. 3) signals a phased deprecation:
| Algorithm | Current Status | Expected Deprecation | Expected Disallowed |
|---|---|---|---|
| RSA-2048 (encryption) | Acceptable | 2030 | 2035 |
| RSA-2048 (signatures) | Acceptable | 2030 | 2035 |
| ECDSA (P-256) | Acceptable | 2030 | 2035 |
| ECDH (P-256) | Acceptable | 2030 | 2035 |
| RSA-3072 | Acceptable | 2033 | 2038 |
| RSA-4096 | Acceptable | 2033 | 2038 |
“Deprecated” means the algorithm is discouraged for new deployments. “Disallowed” means it must not be used at all. The gap between deprecated and disallowed gives organizations a transition window, but that window is narrow for large enterprises.
Read our NIST PQC standards guide for detailed coverage of each standard’s technical specifications.
NSA CNSA 2.0 Timeline
The NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) sets binding deadlines for National Security Systems (NSS). These deadlines also influence federal contractors and defense industrial base organizations.
CNSA 2.0 Key Dates
| Capability | Algorithm | Deadline |
|---|---|---|
| Software/firmware signing | ML-DSA (FIPS 204) | 2025 |
| Web servers/browsers (TLS) | ML-KEM (FIPS 203) + ML-DSA | 2025 |
| Networking (VPN/IPsec) | ML-KEM + ML-DSA | 2026 |
| Operating systems | ML-KEM + ML-DSA | 2027 |
| Custom/legacy applications | ML-KEM + ML-DSA | 2030 |
| Niche equipment (IoT, SCADA) | ML-KEM + ML-DSA | 2033 |
The 2025 deadlines for software signing and TLS are already here. Organizations in the defense supply chain face immediate compliance pressure.
What CNSA 2.0 Means for the Private Sector
CNSA 2.0 applies directly to NSS. But its influence extends further. Federal procurement requirements flow down to contractors. Regulated industries watch government timelines as leading indicators. Insurance underwriters use government guidance to assess cyber risk.
If your organization sells to the federal government, CNSA 2.0 deadlines are your deadlines.
Industry-Specific Timelines
Different sectors face different deprecation pressures based on their regulatory environment and data sensitivity.
Financial Services (BFSI)
PCI DSS does not yet mandate post-quantum algorithms. But PCI SSC has signaled that future versions will address quantum threats. Financial institutions handling card data should expect PQC requirements by 2028–2030.
SWIFT and major payment networks are evaluating PQC integration. Banks that process cross-border transactions will face partner-driven migration pressure before regulatory mandates arrive.
The harvest-now-decrypt-later (HNDL) threat is acute for financial data. Transaction records, account details, and customer identities retain value for decades.
Healthcare
HIPAA requires encryption of protected health information (PHI) but does not specify algorithms. HHS guidance will likely follow NIST deprecation timelines. Healthcare organizations should plan for RSA/ECC phase-out by 2030–2033.
Medical records have indefinite confidentiality requirements. Genetic data, mental health records, and HIV status carry lifelong sensitivity. HNDL risk is extreme for healthcare data.
Government and Defense
Federal agencies follow NIST SP 800-131A and CNSA 2.0 directly. FedRAMP-authorized cloud providers must align with these timelines. State and local governments typically follow federal guidance with a 2–3 year lag.
Critical Infrastructure
CISA has issued guidance urging critical infrastructure operators to begin PQC planning. Energy, water, and transportation systems often run legacy equipment with 15–20 year replacement cycles. These sectors need the longest migration runways.
Technology and SaaS
Cloud providers and SaaS platforms face customer-driven demand for PQC support. Enterprise customers in regulated industries will require PQC-compliant connections. Early PQC adoption becomes a competitive differentiator.
Transition Planning
Step 1: Audit Your Algorithm Usage
Use QCecuring’s Certificate Lifecycle Management (CLM) to discover every RSA and ECC certificate in your environment. CLM identifies algorithm types, key sizes, and expiration dates across cloud, on-premises, and hybrid infrastructure.
Extend the audit to SSH keys, code signing certificates, and VPN configurations. Every cryptographic touchpoint needs assessment.
Step 2: Map Dependencies
Identify systems that depend on specific algorithms. Common dependencies include:
- TLS libraries pinned to specific cipher suites
- Hardware security modules (HSMs) with fixed algorithm support
- Legacy applications with hardcoded key sizes
- Partner integrations requiring specific certificate profiles
Step 3: Build a Migration Roadmap
Align your internal timeline with the most aggressive deadline that applies to your organization:
| Organization Type | Target: Hybrid Deployment | Target: Full PQC |
|---|---|---|
| Defense/NSS | 2025 (per CNSA 2.0) | 2030 |
| Federal contractors | 2026 | 2031 |
| Financial services | 2027 | 2032 |
| Healthcare | 2028 | 2033 |
| General enterprise | 2029 | 2034 |
Step 4: Deploy Hybrid First
Hybrid key exchange combines classical and post-quantum algorithms. This approach protects against quantum attacks while maintaining backward compatibility. NIST endorses hybrid deployment as the recommended transition strategy.
QCecuring’s CLM manages hybrid certificates alongside classical certificates in a unified inventory. Automated renewal policies ensure certificates rotate to the correct algorithm profile as your migration progresses.
Step 5: Enforce Algorithm Policies
Set policies that prevent new RSA/ECC-only deployments after your deprecation date. Your CLM platform should block certificate issuance requests that use deprecated algorithms and alert on non-compliant renewals.
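As an added illustration of Steps 1 through 5 (example code, not QCecuring's own or the CLM platform's API), the following Python applies the NIST timeline and roadmap tables above to a certificate inventory: it classifies each record for a given year, flags classical-only certificates that outlive the relevant deadline, and gates issuance requests. The CertRecord fields and the record values used in any run are assumptions standing in for a CLM export.

```python
from dataclasses import dataclass
# NIST SP 800-131A Rev. 3 draft timeline from the article: (alg, bits) -> (deprecated, disallowed).
NIST_TIMELINE = {
    ("RSA", 2048): (2030, 2035), ("RSA", 3072): (2033, 2038), ("RSA", 4096): (2033, 2038),
    ("ECDSA", 256): (2030, 2035), ("ECDH", 256): (2030, 2035),
}
# Hybrid-deployment target years from the article's roadmap table (Step 3).
HYBRID_TARGET = {"Defense/NSS": 2025, "Federal contractors": 2026,
                 "Financial services": 2027, "Healthcare": 2028, "General enterprise": 2029}
PQC_ALGORITHMS = {"ML-KEM", "ML-DSA", "SLH-DSA"}
@dataclass
class CertRecord:          # assumed inventory entry (CLM export, SSH key scan, VPN config, ...)
    name: str
    algorithm: str         # "RSA", "ECDSA", "ECDH", "ML-DSA", ...
    key_bits: int          # 0 for PQC algorithms
    not_after_year: int    # certificate expiry year
    hybrid: bool = False   # classical key paired with a PQC component
def internal_deadline(org_types):
    """The most aggressive hybrid target among the categories that apply to you."""
    return min(HYBRID_TARGET[t] for t in org_types)
def classify(cert, year):
    """NIST status of one certificate in a given year."""
    if cert.algorithm in PQC_ALGORITHMS:
        return "pqc"
    if cert.hybrid:
        return "hybrid"
    entry = NIST_TIMELINE.get((cert.algorithm, cert.key_bits))
    if entry is None:
        return "unknown"   # e.g. RSA-1024: not in the table, needs manual review
    if year >= entry[1]:
        return "disallowed"
    return "deprecated" if year >= entry[0] else "acceptable"
def audit(inventory, year, deadline_year):
    """Steps 1-2: classical-only certs valid into the disallowed year or past the internal deadline."""
    findings = []
    for c in inventory:
        status = classify(c, year)
        if status in ("pqc", "hybrid"):
            continue
        if status == "unknown":
            findings.append((c.name, "algorithm/key size not in timeline; review"))
        elif c.not_after_year >= NIST_TIMELINE[(c.algorithm, c.key_bits)][1]:
            findings.append((c.name, "valid into NIST disallowed year"))
        elif c.not_after_year > deadline_year:
            findings.append((c.name, f"classical-only past internal deadline {deadline_year}"))
    return findings
def issuance_allowed(request, year, deadline_year):
    """Step 5: reject classical-only issuance requests once the internal deadline has passed."""
    status = classify(request, year)
    return status in ("pqc", "hybrid") or (status == "acceptable" and year < deadline_year)
```

A deprecated or unknown algorithm is refused at issuance regardless of the internal deadline, while hybrid and PQC-only requests always pass.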
The Sunset Is Fixed. Your Readiness Is Not.
RSA and ECC deprecation is not a question of “if.” The timelines from NIST and NSA are published. Industry-specific deadlines are forming. The only variable is whether your organization meets those deadlines or scrambles to catch up.
Start with a cryptographic inventory. Map your algorithm dependencies. Set internal deadlines that give you buffer against the published timelines.
Read our PQC migration planning guide for a detailed enterprise migration framework.
Related Resources for: RSA and ECC Deprecation Timeline: When to Sunset Classical Algorithms
If you want to automate certificate lifecycle and eliminate outages, explore QCecuring CLM.